diff options
| author | Patrick Steinhardt <ps@pks.im> | 2016-02-23 11:23:26 +0100 |
|---|---|---|
| committer | Patrick Steinhardt <ps@pks.im> | 2016-02-23 12:07:14 +0100 |
| commit | 0f1e2d2066115e62fd7396e0f436b4a5dd8384cd (patch) | |
| tree | 1a1bd1bb3a67d671d135d7f3b7a74e73a3ec2e92 /src/index.c | |
| parent | 7808c93797b3fa9f552bd2e24672089b8d27ad2a (diff) | |
| download | libgit2-0f1e2d2066115e62fd7396e0f436b4a5dd8384cd.tar.gz | |
index: fix contradicting comparison
The overflow check in `read_reuc` tries to verify if the
`git__strtol32` parses an integer bigger than UINT_MAX. The `tmp`
variable is casted to an unsigned int for this and then checked
for being greater than UINT_MAX, which obviously can never be
true.
Fix this by instead fixing the `mode` field's size in `struct
git_index_reuc_entry` to `uint32_t`. We can now parse the int
with `git__strtol64`, which can never return a value bigger than
`UINT32_MAX`, and additionally checking if the returned value is
smaller than zero.
We do not need to handle overflows explicitly here, as
`git__strtol64` returns an error when the returned value would
overflow.
Diffstat (limited to 'src/index.c')
| -rw-r--r-- | src/index.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/index.c b/src/index.c index 85c2f8ea8..483f7af7c 100644 --- a/src/index.c +++ b/src/index.c @@ -2135,11 +2135,11 @@ static int read_reuc(git_index *index, const char *buffer, size_t size) /* read 3 ASCII octal numbers for stage entries */ for (i = 0; i < 3; i++) { - int tmp; + int64_t tmp; - if (git__strtol32(&tmp, buffer, &endptr, 8) < 0 || + if (git__strtol64(&tmp, buffer, &endptr, 8) < 0 || !endptr || endptr == buffer || *endptr || - (unsigned)tmp > UINT_MAX) { + tmp < 0) { index_entry_reuc_free(lost); return index_error_invalid("reading reuc entry stage"); } |